Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
https://infisical.com

Bad TTL in Machine Identity Secret Renders Web App Inoperable #2098

Closed alex0112 closed 2 months ago

alex0112 commented 2 months ago

Describe the bug

Setting a high TTL on a machine identity secret renders the app inoperable.

To Reproduce

Steps to reproduce the behavior:

  1. Create a new machine identity
  2. Generate a secret associated with the machine identity
  3. Set the TTL to 9999999999 or similar
  4. Observe the error that pops up in a toast notification, and refresh the page to produce the screenshots below

Expected behavior

Either a limit on the TTL

Screenshots

image

Platform you are having the issue on:

Web App (Firefox). Self Hosted.

Additional context

Purely speculation on my part, but it seems that a bad value for the TTL gets written to the database and the front-end app is unable to handle the high value when it tries to render the token again. At least that seems consistent with my observations.

DanielHougaard commented 2 months ago

Hi @alex0112

Thank you for the report. We have this on our internal todo list currently; we'll get back to you as soon as a fix for this is live!

sheensantoscapadngan commented 2 months ago

Hey @alex0112! This should be resolved now in the latest release. Now, you can only create machine identities and client secrets with a max TTL of 10 years.
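
A sketch of the kind of bound described in the last comment, added here as an example and not taken from Infisical's code: the TTL is validated before it is stored, and values already in the database are rendered defensively. The function names, the 3650-day approximation of 10 years, and treating a TTL of 0 as "never expires" are assumptions.

```typescript
// Added example; hypothetical names, not Infisical's implementation.
const SECONDS_PER_DAY = 86400;
// Upper bound from the thread: 10 years, approximated as 3650 days (assumption).
const MAX_TTL_SECONDS = 10 * 365 * SECONDS_PER_DAY; // 315360000

type TtlResult =
  | { ok: true; ttlSeconds: number; expiresAt: Date | null }
  | { ok: false; error: string };

// Write side: validate a client-supplied TTL at the API boundary, before persisting it.
// Accepts a number or a digits-only string (form input); 0 means "never expires" (assumption).
function validateTtl(raw: unknown, now: Date = new Date()): TtlResult {
  const n = typeof raw === "string" && /^\d+$/.test(raw) ? Number(raw) : raw;
  // Rejects "", "abc", 1.5, NaN, Infinity and digit strings too long to be exact.
  if (typeof n !== "number" || !Number.isSafeInteger(n)) {
    return { ok: false, error: "TTL must be a whole number of seconds" };
  }
  if (n < 0 || n > MAX_TTL_SECONDS) {
    return { ok: false, error: `TTL must be between 0 and ${MAX_TTL_SECONDS} seconds` };
  }
  const expiresAt = n === 0 ? null : new Date(now.getTime() + n * 1000);
  return { ok: true, ttlSeconds: n, expiresAt };
}

// Read side: rows written before the limit existed may still hold an oversized TTL.
// Return a label instead of letting one bad row break the whole view.
function describeExpiry(createdAt: Date, storedTtl: number): string {
  if (storedTtl === 0) return "never expires";
  const check = validateTtl(storedTtl, createdAt);
  if (!check.ok || check.expiresAt === null) return "invalid TTL (out of range)";
  return check.expiresAt.toISOString();
}

// Constructed sample inputs, including the value from the reproduction steps.
const created = new Date("2024-01-01T00:00:00Z");
for (const ttl of ["3600", "9999999999", "", -1, 1.5, MAX_TTL_SECONDS]) {
  console.log(JSON.stringify(ttl), "->", JSON.stringify(validateTtl(ttl, created)));
}
console.log(describeExpiry(created, 9999999999));
```

Enforcing the limit only in the UI would leave direct API calls able to store an oversized value, so the check belongs in the request handler, with the read-side guard covering rows that predate it.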